NEWS revision 3769415e6573da64fb80e31f4bb3f850cd99031e
ee9c9500ab13c1093fc3feaf2aa5a0d330d0bfadKay Sieverssystemd System and Service Manager
5274f05381d460069458d2139a28766c574fb197Kay SieversCHANGES WITH 217:
5274f05381d460069458d2139a28766c574fb197Kay Sievers * journalctl gained the new options -t/--identifier= to match
5274f05381d460069458d2139a28766c574fb197Kay Sievers on the syslog identifier (aka "tag"), as well as --utc to
5274f05381d460069458d2139a28766c574fb197Kay Sievers show log timestamps in the UTC timezone. journalctl now also
19aadacf92ad86967ffb678e37b2ff9e83cb9480Jan Engelhardt accepts -n/--lines=all to disable line capping in a pager.
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers * Services can notify the manager before they start a reload
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers (by sending RELOADING=1) or shutdown (by sending
cff452c7e974db5053cdbd0d7bbbab2e3b4c91b9Kay Sievers STOPPING=1). This allows the manager to track and show the
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers internal state of daemons and closes a race condition when
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers the process is still running but has closed its D-Bus
a40593a0d0d740efa387e35411e1e456a6c5aba7Lennart Poettering * Services with Type=oneshot do not have to have any ExecStart
20ffc4c4a9226b0e45cc02ad9c0108981626c0bbKay Sievers commands anymore.
ea92ae33e0fbbf8a98cd2e08ca5a850d83d57faeMaciej Wereski * User units are now loaded also from
ea92ae33e0fbbf8a98cd2e08ca5a850d83d57faeMaciej Wereski $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
04ac799283f517672a5424e7c5bf066cfa4ca020Zbigniew Jędrzejewski-Szmek /run/systemd/user directory that was already previously
04ac799283f517672a5424e7c5bf066cfa4ca020Zbigniew Jędrzejewski-Szmek supported, but is under the control of the user.
04ac799283f517672a5424e7c5bf066cfa4ca020Zbigniew Jędrzejewski-Szmek * Job timeouts (i.e. time-outs on the time a job that is
d8160f21fd295b451cee9679aa281fedf1cb8e8cZbigniew Jędrzejewski-Szmek queued stays in the run queue) can now optionally result in
d8160f21fd295b451cee9679aa281fedf1cb8e8cZbigniew Jędrzejewski-Szmek immediate reboot or power-off actions (JobTimeoutAction= and
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering JobTimeoutRebootArgument=). This is useful on ".target"
7b4da18c1717f811bae67ea3d39290495857c03eLennart Poettering units, to limit the maximum time a target remains
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering undispatched in the run queue, and to trigger an emergency
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers operation in such a case. This is now used by default to
55d32caf94d8df547ca763be52b0c35bb6388606Lennart Poettering turn off the system if boot-up (as defined by everything in
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering basic.target) hangs and does not complete for at least
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering 15min. Also, if power-off or reboot hang for at least 30min
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering an immediate power-off/reboot operation is triggered. This
bafb15bab99887d1b6b8a35136531bac6c3876a6Lennart Poettering functionality is particularly useful to increase reliability
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering on embedded devices, but also on laptops which might
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering accidentally get powered on when carried in a backpack and
3540c7f88fd4b860d3d6d0e931ddb7cd91bc559aLennart Poettering whose boot stays stuck in a hard disk encryption passphrase
488ad3b32a7e2b5b1380abf4a15e5f65fa65f3feLennart Poettering * systemd-logind can be configured to also handle lid switch
488ad3b32a7e2b5b1380abf4a15e5f65fa65f3feLennart Poettering events even when the machine is docked or multiple displays
488ad3b32a7e2b5b1380abf4a15e5f65fa65f3feLennart Poettering are attached (HandleLidSwitchDocked= option).
488ad3b32a7e2b5b1380abf4a15e5f65fa65f3feLennart Poettering * A helper binary and a service have been added which can be
47c94a96df29080f8b3a97e7362df4e9c6ba3265Lennart Poettering used to resume from hibernation in the initramfs. A
47c94a96df29080f8b3a97e7362df4e9c6ba3265Lennart Poettering generator will parse the resume= option on the kernel
09ecd746c9d6581664873674c2188f8c93ed7780Lennart Poettering command-line to trigger resume.
09ecd746c9d6581664873674c2188f8c93ed7780Lennart Poettering * A user console daemon systemd-consoled has been
09ecd746c9d6581664873674c2188f8c93ed7780Lennart Poettering added. Currently, it is a preview, and will so far open a
09ecd746c9d6581664873674c2188f8c93ed7780Lennart Poettering single terminal on each session of the user marked as
09ecd746c9d6581664873674c2188f8c93ed7780Lennart Poettering Desktop=SYSTEMD-CONSOLE.
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek * Route metrics can be specified for DHCP routes added by
708c143c7cd2bbd748ac0fa993496ff44e72701cZbigniew Jędrzejewski-Szmek systemd-networkd.
e79e8afd62bdec28a88d52fa0761aff9ce145b77Lennart Poettering * The SELinux context of socket-actived services can be set
e79e8afd62bdec28a88d52fa0761aff9ce145b77Lennart Poettering from the information provided by the networking stack
b6741478e7661c7e580e5dcfd6a6fccd1899c1d0Lennart Poettering (SELinuxContextFromNet= option).
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * Userspace firmware loading support has been removed and
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering the minimum supported kernel version is thus bumped to 3.7.
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * Timeout for udev workers has been increased from 1 to 3
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering minutes, but a warning will be printed after 1 minute to
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering help diagnose kernel modules that take a long time to load.
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * Udev rules can now remove tags on devices with TAG-="foobar".
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering * systemd's readahead implementation has been removed. In many
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering circumstatances it didn't give expected benefits even for
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering rotational disk drives and was becoming less relevant in the
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering age of SSDs. As none of the developers has been using
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering rotating media anymore, and nobody stepped up to actively
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering maintain this component of systemd it has now been removed.
08cd15525450ff2c2ac814a58930f6d82284a1baLennart Poettering * Swap units can use Discard= to specify discard options.
2e41a51ea4cf68f67d6d1e71482d95d9d50091b3Lennart Poettering Discard options specified for swaps in /etc/fstab are now
718db96199eb307751264e4163555662c9a389faLennart Poettering * Docker containers are now detected as a separate type of
718db96199eb307751264e4163555662c9a389faLennart Poettering virtualization.
718db96199eb307751264e4163555662c9a389faLennart Poettering * The Password Agent protocol gained support for queries where
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering the user input is shown, useful e.g. for usernames.
718db96199eb307751264e4163555662c9a389faLennart Poettering systemd-ask-password gained a new --echo option to turn that
966204e010ed432a1d7a0481d41a326d8ec7b0c8Lennart Poettering * The default sysctl.d/ snippets will now set:
ced4d06784dbb19666688947901961f949f2aa6dLennart Poettering This selects Fair Queueing Controlled Delay as the default
ced4d06784dbb19666688947901961f949f2aa6dLennart Poettering queueing discipline for network interfaces. fq_codel helps
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering fight the network bufferbloat problem. It is believed to be
416446221d905b6815175dc4d525d27f8ae43d1bLennart Poettering a good default with no tuning required for most workloads.
416446221d905b6815175dc4d525d27f8ae43d1bLennart Poettering Downstream distributions may override this choice. On 10Gbit
416446221d905b6815175dc4d525d27f8ae43d1bLennart Poettering servers that do not do forwarding, "fq" may perform better.
9db76355212de5eb7985829d352183d3bdfb56d5Lennart Poettering Systems without a good clocksource should use "pfifo_fast".
baa89da40a1d42242c9c62603501ada7e9e52613Lennart Poettering * If kdbus is enabled during build a new option BusPolicy= is
baa89da40a1d42242c9c62603501ada7e9e52613Lennart Poettering available for service units, that allows locking all service
7f79cd7109a60810140a045cc725291fc5515264Lennart Poettering processes into a stricter bus policy, in order to limit
0aafd43d235982510d1c40564079f7bcec0c7c19Lennart Poettering access to various bus services, or even hide most of them
19aadacf92ad86967ffb678e37b2ff9e83cb9480Jan Engelhardt from the service's view entirely.
df5f6971e6e15b4632884916c71daa076c8bae96Lennart Poettering * networkctl will now show the .network and .link file
df5f6971e6e15b4632884916c71daa076c8bae96Lennart Poettering networkd has applied to a specific interface.
982e44dbc3e70c97e83464a30354b80973d52b41Lennart Poettering * sd-login gained a new API call sd_session_get_desktop() to
982e44dbc3e70c97e83464a30354b80973d52b41Lennart Poettering query which desktop environment has been selected for a
fcba531ed4c6e6f8f21d8ca4e3a56e3162b1c578Lennart Poettering * UNIX utmp support is now compile-time optional to support
8b8f259170e35b93e6c6d1757cb8b835bbdaa40cZbigniew Jędrzejewski-Szmek legacy-free systems.
e10e429f2dcbb586215e65f62847f40c7d8b5956David Herrmann * systemctl gained two new commands "add-wants" and
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering "add-requires" for pulling in units from specific targets
e1b7e7ec9b34ae6ae54a4c8084395cbf2bfe9960Lennart Poettering * If the word "rescue" is specified on the kernel command line
18d4e7c26e7806ac363d19989df7144d5058ce41Lennart Poettering the system will now boot into rescue mode (aka
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering rescue.target), which was previously available only by
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering specifying "1" or "systemd.unit=rescue.target" on the kernel
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering command line. This new kernel command line option nicely
bdeeb6b543a2a2d0a494f17b85f1498859cdfc2fLennart Poettering mirrors the already existing "emergency" kernel command line
9444b1f20e311f073864d81e913bd4f32fe95cfdLennart Poettering * New kernel command line options mount.usr=, mount.usrflags=,
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers usrfstype= have been added that match root=, rootflags=,
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers rootfstype= but allow mounting a specific file system to
1f263d4dc23b9807ac6138eb5014d3d94c5fe51aLennart Poettering * The $NOTIFY_SOCKET is now also passed to control processesof
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering services, not only the main process.
4e09014daf8f98584b3f15e64e93bed232e70a6bLennart Poettering * This version reenables support for fsck's -l switch. This
6bb648a16ae4a682ad4784412af706d2e6a3e4daTom Gundersen means at least version v2.25 of util-linux is required for
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering operation, otherwise dead-locks on device nodes may
86312ab8de59c1066d6d2b456f3a9106ce3e0991Lennart Poettering occur. Again: you need to update util-linux to at least
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering v2.25 when updating systemd to v217.
bee7e928990fd8a0c5909c2022a2b9eede557c81Lennart Poettering * The "multi-seat-x" tool has been removed from systemd, as
bee7e928990fd8a0c5909c2022a2b9eede557c81Lennart Poettering its functionality has been integrated into X servers 1.16,
80caea6cc72ebd311a311b1527cc6b87201c13bfLennart Poettering and the tool is hence redundant. It is recommended to update
ab9716c2489f9141ed13ec22dbb216b3e6fbd6b5Lennart Poettering display managers invoking this tool to simply invoke X
452de75e5b8b1cff207243848f4e5de68620554cLennart Poettering directly from now on, again.
df98a87ba389bdfc0359beedf47557411f3af434Lennart PoetteringCHANGES WITH 216:
df98a87ba389bdfc0359beedf47557411f3af434Lennart Poettering * timedated no longer reads NTP implementation unit names from
bee7e928990fd8a0c5909c2022a2b9eede557c81Lennart Poettering /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
0058679911db806b6db2fa445a1ce879a436c9d6Lennart Poettering implementations should add a
aa575ef8dec6fe74c9fdf27960125dd214511202Lennart Poettering to their unit files to take over and replace systemd's NTP
ab9716c2489f9141ed13ec22dbb216b3e6fbd6b5Lennart Poettering default functionality.
69727e6dc69ae5d9b5ae3681723778a3faa354e9Lennart Poettering * systemd-sysusers gained a new line type "r" for configuring
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering which UID/GID ranges to allocate system users/groups
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering from. Lines of type "u" may now add an additional column
12179984a38fe74581333fbcdc11c822d81f505fLennart Poettering that specifies the home directory for the system user to be
eb01ba5de14859d7a94835ab9299de40132d549aLennart Poettering created. Also, systemd-sysusers may now optionally read user
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering information from STDIN instead of a file. This is useful for
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering invoking it from RPM preinst scriptlets that need to create
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering users before the first RPM file is installed since these
154ff088d371bee5651eaa2bc9bde8a34c185656Lennart Poettering files might need to be owned by them. A new
d686f034c3b9021e07faefe172ee660abd952871Lennart Poettering %sysusers_create_inline RPM macro has been introduced to do
d686f034c3b9021e07faefe172ee660abd952871Lennart Poettering just that. systemd-sysusers now updates the shadow files as
d686f034c3b9021e07faefe172ee660abd952871Lennart Poettering well as the user/group databases, which should enhance
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek compatibility with certain tools like grpck.
69af45035913e7119cffd94c542bd3039600e45dZbigniew Jędrzejewski-Szmek * A number of bus APIs of PID 1 now optionally consult
e8a7a315391a6a07897122725cd707f4e9ce63d7Lennart Poettering PolicyKit to permit access for otherwise unprivileged
461bd8e47cafacfcd38389e7558330bfb6e902adLennart Poettering clients under certain conditions. Note that this currently
461bd8e47cafacfcd38389e7558330bfb6e902adLennart Poettering doesn't support interactive authentication yet, but this is
461bd8e47cafacfcd38389e7558330bfb6e902adLennart Poettering expected to be added eventually, too.
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering * /etc/machine-info now has new fields for configuring the
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering deployment environment of the machine, as well as the
ab8e074ce25b9947314c69e17afe1bd2527ee26dLennart Poettering location of the machine. hostnamectl has been updated with
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering new command to update these fields.
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering * systemd-timesyncd has been updated to automatically acquire
b454b11220e87add6d0f011695c7912b009c853dLennart Poettering NTP server information from systemd-networkd, which might
06db8540cdfc8259423ed90e7352dbc1d71eccd9Lennart Poettering have been discovered via DHCP.
4ff49cb63075aba646b578f2516b37a8dfd5a65bLennart Poettering * systemd-resolved now includes a caching DNS stub resolver
4ff49cb63075aba646b578f2516b37a8dfd5a65bLennart Poettering and a complete LLMNR name resolution implementation. A new
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek NSS module "nss-resolve" has been added which can be used
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek instead of glibc's own "nss-dns" to resolve hostnames via
fff87a35d9e26c0d4ea41273a963c0eb20e18da4Zbigniew Jędrzejewski-Szmek systemd-resolved. Hostnames, addresses and arbitrary RRs may
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering be resolved via systemd-resolved D-Bus APIs. In contrast to
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering the glibc internal resolver systemd-resolved is aware of
b8b4d3dddc7611dce3bf28004b0375d661120c62Lennart Poettering multi-homed system, and keeps DNS server and caches separate
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering and per-interface. Queries are sent simultaneously on all
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering interfaces that have DNS servers configured, in order to
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering properly handle VPNs and local LANs which might resolve
3df82d5a8cdc510f518fd5e234ccb3233b748719Lennart Poettering separate sets of domain names. systemd-resolved may acquire
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering DNS server information from systemd-networkd automatically,
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering which in turn might have discovered them via DHCP. A tool
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering "systemd-resolve-host" has been added that may be used to
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering query the DNS logic in resolved. systemd-resolved implements
b5c03638d48c07aa0eaf13b5f54000c7133e1883Lennart Poettering IDNA and automatically uses IDNA or UTF-8 encoding depending
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering on whether classic DNS or LLMNR is used as transport. In the
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering next releases we intend to add a DNSSEC and mDNS/DNS-SD
eece8c6fb5f4d354dcef6fd369e876c4f3a3f163Lennart Poettering implementation to systemd-resolved.
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering * A new NSS module nss-mymachines has been added, that
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering automatically resolves the names of all local registered
356ce9915ab1a4a1e6dc26954df34936a69e7c12Lennart Poettering containers to their respective IP addresses.
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett * A new client tool "networkctl" for systemd-networkd has been
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett added. It currently is entirely passive and will query
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett networking configuration from udev, rtnetlink and networkd,
3b953d68c628c6ae70adba871719ac0f16083b51Josh Triplett and present it to the user in a very friendly
09f727eebd87661f263d3c2c1e0de7b7771acd40Lennart Poettering way. Eventually, we hope to extend it to become a full
09f727eebd87661f263d3c2c1e0de7b7771acd40Lennart Poettering control utility for networkd.
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering * .socket units gained a new DeferAcceptSec= setting that
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering controls the kernels' TCP_DEFER_ACCEPT sockopt for
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering TCP. Similar, support for controlling TCP keep-alive
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering settings has been added (KeepAliveTimeSec=,
795607b22308f5b92073b012e43be1892fdd97c0Lennart Poettering KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering turning off Nagle's algorithm on TCP has been added
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering * logind learned a new session type "web", for use in projects
0be8342c04bbf129b4a21e5073eacccbbce4e896Lennart Poettering like Cockpit which register web clients as PAM sessions.
54c31a79f72ff57ac8eba089acacc4ab482b745dLennart Poettering * timer units with at least one OnCalendar= setting will now
826872b61e4857dfffe63ba84e2b005623baecd6Lennart Poettering be started only after timer-sync.target has been
826872b61e4857dfffe63ba84e2b005623baecd6Lennart Poettering reached. This way they will not elapse before the system
54c31a79f72ff57ac8eba089acacc4ab482b745dLennart Poettering clock has been corrected by a local NTP client or
826872b61e4857dfffe63ba84e2b005623baecd6Lennart Poettering similar. This is particular useful on RTC-less embedded
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering machines, that come up with an invalid system clock.
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering * systemd-nspawn's --network-veth= switch should now result in
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering stable MAC addresses for both the outer and the inner side
cbb7712189527f9f483321607e44c4ead3dd11b8Lennart Poettering * systemd-nspawn gained a new --volatile= switch for running
cbb7712189527f9f483321607e44c4ead3dd11b8Lennart Poettering container instances with /etc or /var unpopulated.
d01a73b6396f57792113c1b5df6e8492fc703e5eLennart Poettering * The kdbus client code has been updated to use the new Linux
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering 3.17 memfd subsystem instead of the old kdbus-specific one.
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering * systemd-networkd's DHCP client and server now support
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering FORCERENEW. There are also new configuration options to
f8aeee1f1fe432924b355f48f01f09c9a552ed97Lennart Poettering configure the vendor client identifier and broadcast mode
81d112a8f0522a09fcfe317f420363a2b728137cLennart Poettering * systemd will no longer inform the kernel about the current
490b7e47093d491a2bdb1084fe92b796f4e07eefLennart Poettering timezone, as this is necessarily incorrect and racy as the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering kernel has no understanding of DST and similar
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering concepts. This hence means FAT timestamps will be always
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering considered UTC, similar to what Android is already
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering doing. Also, when the RTC is configured to the local time
466784c8710e5cb0e0b86a16506d992d7ec5b619Kay Sievers (rather than UTC) systemd will never synchronize back to it,
e41814846c19a48f4490169d82e359e005c4db45Lennart Poettering as this might confuse Windows at a later boot.
e9fd44b728ff1fc0d1f24fccb87a767f6865df27Lennart Poettering * systemd-analyze gained a new command "verify" for offline
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering validation of unit files.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd-networkd gained support for a couple of additional
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering settings for bonding networking setups. Also, the metric for
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering statically configured routes may now be configured. For
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering network interfaces where this is appropriate the peer IP
8ed206517c2be381324ac5832bf34cc14024270eLennart Poettering address may now be configured.
e6c6e7afffa80ad74efdb1ddfa815294624f1608Lennart Poettering * systemd-networkd's DHCP client will no longer request
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering broadcasting by default, as this tripped up some networks.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering For hardware where broadcast is required the feature should
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering be switched back on using RequestBroadcast=yes.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd-networkd will now set up IPv4LL addresses (when
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering enabled) even if DHCP is configured successfully.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * udev will now default to respect network device names given
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering by the kernel when the kernel indicates that these are
e5ec62c56963d997edaffa904af5dc45dac23988Lennart Poettering predictable. This behavior can be tweaked by changing
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering NamePolicy= in the relevant .link file.
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * A new library systemd-terminal has been added that
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering implements full TTY stream parsing and rendering. This
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering library is supposed to be used later on for implementing a
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering full userspace VT subsystem, replacing the current kernel
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering implementation.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new tool systemd-journal-upload has been added to push
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering journal data to a remote system running
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering systemd-journal-remote.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * journald will no longer forward all local data to another
c06bf414042cd1bf94e0af63e9e2a0c291bfc546Kay Sievers running syslog daemon. This change has been made because
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering rsyslog (which appears to be the most commonly used syslog
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering implementation these days) no longer makes use of this, and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering instead pulls the data out of the journal on its own. Since
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering forwarding the messages to a non-existent syslog server is
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering more expensive than we assumed we have now turned this
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering off. If you run a syslog server that is not a recent rsyslog
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering version, you have to turn this option on again
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering (ForwardToSyslog= in journald.conf).
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * journald now optionally supports the LZ4 compressor for
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering larger journal fields. This compressor should perform much
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering better than XZ which was the previous default.
f47ec8ebb3858553dec870e1c596e39525f46360Lennart Poettering * machinectl now shows the IP addresses of local containers,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering if it knows them, plus the interface name of the container.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new tool "systemd-escape" has been added that makes it
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering easy to escape strings to build unit names and similar.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * sd_notify() messages may now include a new ERRNO= field
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering which is parsed and collected by systemd and shown among the
f47ec8ebb3858553dec870e1c596e39525f46360Lennart Poettering "systemctl status" output for a service.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new component "systemd-firstboot" has been added that
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering queries the most basic systemd information (timezone,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering hostname, root password) interactively on first
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering boot. Alternatively it may also be used to provision these
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering things offline on OS images installed into directories.
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * The default sysctl.d/ snippets will now set
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering net.ipv4.conf.default.promote_secondaries=1
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering This has the benefit of no flushing secondary IP addresses
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering when primary addresses are removed.
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
8b8f259170e35b93e6c6d1757cb8b835bbdaa40cZbigniew Jędrzejewski-Szmek Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering -- Berlin, 2014-08-19
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart PoetteringCHANGES WITH 215:
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * A new tool systemd-sysusers has been added. This tool
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering creates system users and groups in /etc/passwd and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering /etc/group, based on static declarative system user/group
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering definitions in /usr/lib/sysusers.d/. This is useful to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering enable factory resets and volatile systems that boot up with
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering an empty /etc directory, and thus need system users and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering groups created during early boot. systemd now also ships
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering with two default sysusers.d/ files for the most basic
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering users and groups systemd and the core operating system
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A new tmpfiles snippet has been added that rebuilds the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering essential files in /etc on boot, should they be missing.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * A directive for ensuring automatic clean-up of
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering /var/cache/man/ has been removed from the default
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering configuration. This line should now be shipped by the man
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering implementation. The necessary change has been made to the
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering man-db implementation. Note that you need to update your man
8b8f259170e35b93e6c6d1757cb8b835bbdaa40cZbigniew Jędrzejewski-Szmek implementation to one that ships this line, otherwise no
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering automatic clean-up of /var/cache/man will take place.
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * A new condition ConditionNeedsUpdate= has been added that
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering may conditionalize services to only run when /etc or /var
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering are "older" than the vendor operating system resources in
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering /usr. This is useful for reconstructing or updating /etc
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering after an offline update of /usr or a factory reset, on the
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering next reboot. Services that want to run once after such an
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering update or reset should use this condition and order
8b04b925e587ff56568c62ff5ad3f2ea2b34ca7aLennart Poettering themselves before the new systemd-update-done.service, which
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering will mark the two directories as fully updated. A number of
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering service files have been added making use of this, to rebuild
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering the udev hardware database, the journald message catalog and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering dynamic loader cache (ldconfig). The systemd-sysusers tool
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering described above also makes use of this now. With this in
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering place it is now possible to start up a minimal operating
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering system with /etc empty cleanly. For more information on the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering concepts involved see this recent blog story:
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering http://0pointer.de/blog/projects/stateless.html
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * A new system group "input" has been introduced, and all
90e071d1d59be05fcba66561439c3ca67c80ee20Lennart Poettering input device nodes get this group assigned. This is useful
90e071d1d59be05fcba66561439c3ca67c80ee20Lennart Poettering for system-level software to get access to input devices. It
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers complements what is already done for "audio" and "video".
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers * systemd-networkd learnt minimal DHCPv4 server support in
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers addition to the existing DHCPv4 client support. It also
f6113d42d015ad9f3a9e702a09eb8006511a4424Kay Sievers learnt DHCPv6 client and IPv6 Router Solicitation client
f6113d42d015ad9f3a9e702a09eb8006511a4424Kay Sievers support. The DHCPv4 client gained support for static routes
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers passed in from the server. Note that the [DHCPv4] section
7a43e910ce00eef22fd42925ae4c85cbea1b1320Kay Sievers known in older systemd-networkd versions has been renamed to
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers [DHCP] and is now also used by the DHCPv6 client. Existing
c55b1b59b837dfd924b704d457ed77c55f8bfeabLennart Poettering .network files using settings of this section should be
59704f3e937c664f7324bfbb08483c358dfbc4c6Lennart Poettering updated, though compatibility is maintained. Optionally, the
59704f3e937c664f7324bfbb08483c358dfbc4c6Lennart Poettering client hostname may now be sent to the DHCP server.
9ec82de1725ddaab333149171b790d62c47ae133Lennart Poettering * networkd gained support for vxlan virtual networks as well
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering as tun/tap and dummy devices.
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering * networkd gained support for automatic allocation of address
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering ranges for interfaces from a system-wide pool of
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering addresses. This is useful for dynamically managing a large
7f8732835295fce29479b1afc9e8ee801852db09Lennart Poettering number of interfaces with a single network configuration
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering file. In particular this is useful to easily assign
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering appropriate IP addresses to the veth links of a large number
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering of nspawn instances.
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering * RPM macros for processing sysusers, sysctl and binfmt
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering drop-in snippets at package installation time have been
603cd8fe07cb03e8b11722d1a732e569e5a46347Lennart Poettering * The /etc/os-release file should now be placed in
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering /usr/lib/os-release. The old location is automatically
6d0274f11547a0f11200bb82bf598a5a253e12cfLennart Poettering created as symlink. /usr/lib is the more appropriate
a7a3f28be404875eff20443a0fa8088bcc4c18dfLennart Poettering location of this file, since it shall actually describe the
a7a3f28be404875eff20443a0fa8088bcc4c18dfLennart Poettering vendor operating system shipped in /usr, and not the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering configuration stored in /etc.
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers * .mount units gained a new boolean SloppyOptions= setting
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers that maps to mount(8)'s -s option which enables permissive
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers parsing of unknown mount options.
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers * tmpfiles learnt a new "L+" directive which creates a symlink
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers but (unlike "L") deletes a pre-existing file first, should
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers it already exist and not already be the correct
9ee58bddeb6eb044753167e0047fe836479ca5dbKay Sievers symlink. Similar, "b+", "c+" and "p+" directives have been
9ee58bddeb6eb044753167e0047fe836479ca5dbKay Sievers added as well, which create block and character devices, as
dcfc4b2e5c1af6375488c00bdc6fb8122f86c4d7Lennart Poettering well as fifos in the filesystem, possibly removing any
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering pre-existing files of different types.
1b89884ba31cbe98f159ce2c7d6fac5f6a57698fLennart Poettering * For tmpfiles' "L", "L+", "C" and "C+" directives the final
1b89884ba31cbe98f159ce2c7d6fac5f6a57698fLennart Poettering 'argument' field (which so far specified the source to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering symlink/copy the files from) is now optional. If omitted the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering same file os copied from /usr/share/factory/ suffixed by the
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering full destination path. This is useful for populating /etc
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering with essential files, by copying them from vendor defaults
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering * A new command "systemctl preset-all" has been added that
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering applies the service preset settings to all installed unit
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering files. A new switch --preset-mode= has been added that
eb124a97fb72d076014253b1acde69d428f15ecfLennart Poettering controls whether only enable or only disable operations
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering shall be executed.
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering * A new command "systemctl is-system-running" has been added
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering that allows checking the overall state of the system, for
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering example whether it is fully up and running.
a56b63f41dc779a86573ae77814c14c1db156398Lennart Poettering * When the system boots up with an empty /etc, the equivalent
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering to "systemctl preset-all" is executed during early boot, to
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering make sure all default services are enabled after a factory
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * systemd now contains a minimal preset file that enables the
5f1dac6bf605871615b35891a3966fa474db5b20Lennart Poettering most basic services systemd ships by default.
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering * Unit files' [Install] section gained a new DefaultInstance=
41f9172f427bdbb8221c64029f78364b8dd4e527Lennart Poettering field for defining the default instance to create if a
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering template unit is enabled with no instance specified.
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering * A new passive target cryptsetup-pre.target has been added
a1cccad1fe88ddd6943e18af97cf7f466296970fLennart Poettering that may be used by services that need to make they run and
a1cccad1fe88ddd6943e18af97cf7f466296970fLennart Poettering finish before the first LUKS cryptographic device is set up.
d05c556b6b2a680ec8b51ecbbc99a9ab14c28eedZbigniew Jędrzejewski-Szmek * The /dev/loop-control and /dev/btrfs-control device nodes
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering are now owned by the "disk" group by default, opening up
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering access to this group.
4a30847b9d71e0381948d68279c8f775b9de7850Lennart Poettering * systemd-coredump will now automatically generate a
4a30847b9d71e0381948d68279c8f775b9de7850Lennart Poettering stack trace of all core dumps taking place on the system,
5e8b28838e493b59628322b69580097ef7dd9384Lennart Poettering based on elfutils' libdw library. This stack trace is logged
5e8b28838e493b59628322b69580097ef7dd9384Lennart Poettering to the journal.
d87be9b0af81a6e07d4fb3028e45c4409100dc26Lennart Poettering * systemd-coredump may now optionally store coredumps directly
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering on disk (in /var/lib/systemd/coredump, possibly compressed),
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering instead of storing them unconditionally in the journal. This
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering mode is the new default. A new configuration file
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering /etc/systemd/coredump.conf has been added to configure this
7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering and other parameters of systemd-coredump.
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering * coredumpctl gained a new "info" verb to show details about a
0790b9fed42eefc4e22dbbe2337cba9713b7848cLennart Poettering specific coredump. A new switch "-1" has also been added
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering that makes sure to only show information about the most
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering recent entry instead of all entries. Also, as the tool is
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering generally useful now the "systemd-" prefix of the binary
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering name has been removed. Distributions that want to maintain
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering compatibility with the old name should add a symlink from
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering the old name to the new name.
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering * journald's SplitMode= now defaults to "uid". This makes sure
0790b9fed42eefc4e22dbbe2337cba9713b7848cLennart Poettering that unprivileged users can access their own coredumps with
fd4d89b2c0b31da01d134301e30916931ae3c7d9Lennart Poettering coredumpctl without restrictions.
8230e26dc954a40d8c9dbc8ddd9376117021f9d2Lennart Poettering * New kernel command line options "systemd.wants=" (for
8230e26dc954a40d8c9dbc8ddd9376117021f9d2Lennart Poettering pulling an additional unit during boot), "systemd.mask="
4d9909c93e9c58789c71b34555a1908307c6849eLennart Poettering (for masking a specific unit for the boot), and
4d9909c93e9c58789c71b34555a1908307c6849eLennart Poettering "systemd.debug-shell" (for enabling the debug shell on tty9)
47ae7201b1df43bd3da83a19e38483b0e5694c99Lennart Poettering have been added. This is implemented in the new generator
47ae7201b1df43bd3da83a19e38483b0e5694c99Lennart Poettering "systemd-debug-generator".
8351ceaea9480d9c2979aa2ff0f4982cfdfef58dLennart Poettering * systemd-nspawn will now by default filter a couple of
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering syscalls for containers, among them those required for
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering kernel module loading, direct x86 IO port access, swap
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering management, and kexec. Most importantly though
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering open_by_handle_at() is now prohibited for containers,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering closing a hole similar to a recently discussed vulnerability
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering in docker regarding access to files on file hierarchies the
c66d36e5b5ae81f3c5297d6dacadc13c88c530f6Lennart Poettering container should normally not have access to. Note that for
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering nspawn we generally make no security claims anyway (and
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering this is explicitly documented in the man page), so this is
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering just a fix for one of the most obvious problems.
3471bedc005fab03f40b99bf6599645330adcd9eLennart Poettering * A new man page file-hierarchy(7) has been added that
59cea26a349cfa8db906b520dac72563dd773ff2Lennart Poettering contains a minimized, modernized version of the file system
35eb6b124ebdf82bd77aad6e44962a9a039c4d33Lennart Poettering layout systemd expects, similar in style to the FHS
5b40d33761376354116a8cddb9b9fbdb6c4727d6Lennart Poettering specification or hier(5). A new tool systemd-path(1) has
5b40d33761376354116a8cddb9b9fbdb6c4727d6Lennart Poettering been added to query many of these paths for the local
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers machine and user.
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers longer done. Since the directory now has a per-user size
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers limit, and is cleaned on logout this appears unnecessary,
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers in particular since this now brings the lifecycle of this
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers directory closer in line with how IPC objects are handled.
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers * systemd.pc now exports a number of additional directories,
d3a3f22267a7dac426b07a7ed0baa1632f5daf04Kay Sievers including $libdir (which is useful to identify the library
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering path for the primary architecture of the system), and a
e01a15b71e18bf2008aec7e75041ffa42eb80b80Kay Sievers couple of drop-in directories.
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers * udev's predictable network interface names now use the dev_port
3f60bcb5e69846fe8a3156ca1c9a7e0813ac158aKay Sievers sysfs attribute, introduced in linux 3.15 instead of dev_id to
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers distinguish between ports of the same PCI function. dev_id should
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers only be used for ports using the same HW address, hence the need
abd55b16547d0bb0ed1c31e72e16838f0f59f48bKay Sievers for dev_port.
169c4f65131fbc7bcb51e7d5487a715cdcd0e0ebLennart Poettering * machined has been updated to export the OS version of a
169c4f65131fbc7bcb51e7d5487a715cdcd0e0ebLennart Poettering container (read from /etc/os-release and
fb0864e7b9c6d26269ccea6ec5c0fd921c029781Lennart Poettering /usr/lib/os-release) on the bus. This is now shown in
fb0864e7b9c6d26269ccea6ec5c0fd921c029781Lennart Poettering "machinectl status" for a machine.
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering * A new service setting RestartForceExitStatus= has been
7f110ff9b8828b477e87de7b28c708cf69a3d008Lennart Poettering added. If configured to a set of exit signals or process
7f110ff9b8828b477e87de7b28c708cf69a3d008Lennart Poettering return values, the service will be restarted when the main
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering daemon process exits with any of them, regardless of the
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering Restart= setting.
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering * systemctl's -H switch for connecting to remote systemd
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering machines has been extended so that it may be used to
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering directly connect to a specific container on the
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering host. "systemctl -H root@foobar:waldi" will now connect as
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering user "root" to host "foobar", and then proceed directly to
65c0cf7108ae3537a357c74b4586a783baba82f9Lennart Poettering the container named "waldi". Note that currently you have to
65c0cf7108ae3537a357c74b4586a783baba82f9Lennart Poettering authenticate as user "root" for this to work, as entering
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers containers is a privileged operation.
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers Contributions from: Andreas Henriksson, Benjamin Steinwender,
ad740100d108282d0244d5739d4dcc86fe4c5fdeLennart Poettering Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
ad740100d108282d0244d5739d4dcc86fe4c5fdeLennart Poettering Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
f38afcd0c7f558ca5bf0854b42f8c6954f8ad7f3Lennart Poettering Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
7d441ddb5ca090b5a97f58ac4b4d97b3e84fa81eLennart Poettering Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
14e639ae7a1dbf156273ce697d30fbc6c6594209Lennart Poettering Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
ff01d048b4c1455241c894cf7982662c9d28fd34Lennart Poettering Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
ff01d048b4c1455241c894cf7982662c9d28fd34Lennart Poettering Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
d3c7d7dd77b2b72315164b672462825cef6c0f9aKay Sievers Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering -- Berlin, 2014-07-03
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart PoetteringCHANGES WITH 214:
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering * As an experimental feature, udev now tries to lock the
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering disk device node (flock(LOCK_SH|LOCK_NB)) while it
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering executes events for the disk or any of its partitions.
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering Applications like partitioning programs can lock the
a4c279f87451186b8beb1b8cc21c7cad561ecf4bLennart Poettering disk device node (flock(LOCK_EX)) and claim temporary
a4c279f87451186b8beb1b8cc21c7cad561ecf4bLennart Poettering device ownership that way; udev will entirely skip all event
7c697168102cb64c5cb65a542959684014da99c7Lennart Poettering handling for this disk and its partitions. If the disk
253ee27a0c7a410d27d490bb79ea97caed6a2b68Lennart Poettering was opened for writing, the close will trigger a partition
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering table rescan in udev's "watch" facility, and if needed
8d0e38a2b966799af884e78a54fd6a2dffa44788Lennart Poettering synthesize "change" events for the disk and all its partitions.
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering This is now unconditionally enabled, and if it turns out to
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering cause major problems, we might turn it on only for specific
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering devices, or might need to disable it entirely. Device Mapper
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering devices are excluded from this logic.
a012ab5293a28af93454b3105ca85ca148b1c11fDave Reisner * We temporarily dropped the "-l" switch for fsck invocations,
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering since they collide with the flock() logic above. util-linux
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering upstream has been changed already to avoid this conflict,
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering and we will readd "-l" as soon as util-linux with this
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering change has been released.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * The dependency on libattr has been removed. Since a long
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering time, the extended attribute calls have moved to glibc, and
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering libattr is thus unnecessary.
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering * Virtualization detection works without priviliges now. This
b44be3ecf6326c27aa2c6c6d1fe34e22e22592a0Lennart Poettering means the systemd-detect-virt binary no longer requires
b23de6af893c11da4286bc416455cd0926d1532eLennart Poettering CAP_SYS_PTRACE file capabilities, and our daemons can run
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering with fewer privileges.
9534ce54858c67363b841cdbdc315140437bfdb4Lennart Poettering * systemd-networkd now runs under its own "systemd-network"
9534ce54858c67363b841cdbdc315140437bfdb4Lennart Poettering user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
796b06c21b62d13c9021e2fbd9c58a5c6edb2764Kay Sievers loses the ability to write to files owned by root this way.
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering * Similar, systemd-resolved now runs under its own
7a2a0b907b5cc60f5d9a871997d7d6e7f62bf4d8Lennart Poettering "systemd-resolve" user with no capabilities remaining.
5d0fcd7c8d29340ac9425c309e8ac436a9af699cLennart Poettering * Similar, systemd-bus-proxyd now runs under its own
5d0fcd7c8d29340ac9425c309e8ac436a9af699cLennart Poettering "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
f530371f1f85a070d7d0fb5112146a43533ae00bLennart Poettering * systemd-networkd gained support for setting up "veth"
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering virtual ethernet devices for container connectivity, as well
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering as GRE and VTI tunnels.
a74a8793b04de9886b4f6987b9cb86fa02c73520Lennart Poettering * systemd-networkd will no longer automatically attempt to
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering manually load kernel modules necessary for certain tunnel
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering transports. Instead, it is assumed the kernel loads them
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering automatically when required. This only works correctly on
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering very new kernels. On older kernels, please consider adding
3679d1126bae52e02f6cd60fca196f616b9e660dLennart Poettering the kernel modules to /etc/modules-load.d/ as a work-around.
73090dc815390f4fca4e3ed8a7e1d3806605daaaLennart Poettering * The resolv.conf file systemd-resolved generates has been
44143309dd0b37d61d7d842ca58f01a65646ec71Kay Sievers moved to /run/systemd/resolve/. If you have a symlink from
3d57c6ab801f4437f12948e29589e3d00c3ad9dbLennart Poettering /etc/resolv.conf, it might be necessary to correct it.
3f7a8c4e9f1d3ce48919e24eb2c9d56dd6fd88d8Kay Sievers * Two new service settings, ProtectHome= and ProtectSystem=,
260abb780a135e4cae8c10715c7e85675efc345aLennart Poettering have been added. When enabled, they will make the user data
2791a8f8dc8764a9247cdba3562bd4c04010f144Lennart Poettering (such as /home) inaccessible or read-only and the system
a8f11321c209830a35edd0357e8def5d4437d854Lennart Poettering (such as /usr) read-only, for specific services. This allows